Job Title: Network Security Analyst
Location: Onsite in Austin TX (they may allow hybrid later but said to
consider an onsite role for now). Austin TX, local only (not willing to relocate)
Duration: 6+ months
Interview Mode: Video then onsite
Job Description:
Location:
ONLY SEND CANDIDATES who ALREADY reside within 50 miles of Austin (NO
RELOCATION CANDIDATES ALLOWED). Also ask if they are traveling this week or
in future weeks (we can't send them if they are going to be traveling in the
next 2-3 weeks).
Interview: they said it might be either, so send candidates who can conduct an
in-person interview (we don't have an option to change it, and they will be
auto rejected if they can't come for an interview if the client requires it).
The primary work location(s) will be at TXCC San Antonio office, 506 Dolorosa
Street, San Antonio, TX 78204, or TXCC Austin office, 1001 North Loop, Austin,
TX 78756.
RESUMES MUST MENTION THE REQUIRED SKILLS FOR AT LEAST 5 YEARS OF JOBS. IF THEY
ALSO HAVE THE PREFERRED SKILLS THEY NEED TO BE MENTIONED BUT AT LEAST ALL THE
REQUIRED
WHAT TO SEND:
• Resume - including all the required skills for 5 years
• DL, and if it's from another state also include a bill to show current location
• Since it's a Citizen, if they have a name like Bob or Mike we don't need
anything, but if it's not a US Native name send passport (as long as it shows
name and photo they are free to black out the rest), but otherwise we don't have a
way to know they are a citizen; again, they can hide the personal details
• - also include form
MUST HAVE
5 Required Advanced host based forensics across Windows and Linux, including
memory, disk, and malware analysis, using telemetry from
NetWitness, Gravwell, Google SecOps, and Corelight to validate findings and
reconstruct attacker activity.
5 Required Ability to correlate host, network, and intelligence data from
CrowdStrike, SentinelOne, Microsoft Sentinel, Corelight, and
NetWitness to build complete incident timelines.
5 Required Experience producing high quality incident reports and executive
summaries using evidence collected from Gravwell, NetWitness,
Corelight, and case management workflows.
4 Required Strong understanding of adversary TTPs, intrusion kill chains, and
threat hunting methodologies using packet level and log level
data from but not limited to Corelight, NetWitness, and CRIBL pipelines.
3 Required Incident Commander experience
1 Required Experience supporting SLTT or critical infrastructure environments,
including multi tenant IR operations and cross agency
coordination.
PREFERRED
5 Preferred Proficiency with threat intelligence platforms, including Recorded
Future, ThreatMon, GreyNoise, Google Threat Intelligence,
VirusTotal, and Mandiant, to enrich investigations, validate indicators, and
map activity to MITRE ATT&CK.
5 Preferred Hands on experience using Cyware CSAP for incident orchestration,
automated enrichment, case creation, and workflow execution
across SIEM, IPS, EDR, and ticketing systems.
4 Preferred Security Certifications Preferred (CISSP, CIH, Sec+)
Job Description
• Perform advanced incident response across Windows and Linux environments,
including triage, containment, eradication, and recovery.
• Conduct host-based forensics, including log analysis, memory capture, file
system review, and malware behavior analysis.
• Serve as Incident Commander during cybersecurity events, coordinating
actions, documenting decisions, and communicating with leadership and affected
agencies.
• Analyze adversary Tactics, Techniques, and Procedures (TTPs) and map findings
to MITRE ATT&CK.
• Review and validate alerts from SIEM, IDS/IPS, EDR, and network monitoring
tools.
• Produce incident reports, timelines, and executive summaries for statewide
stakeholders.
• Support multi-agency response operations, including SLTT partners and
critical infrastructure entities.
• Provide recommendations for detection improvements, hardening, and long-term
mitigation.
• Participate in post-incident reviews, lessons learned, and playbook updates.
• Maintain readiness for 24x7 response through on-call rotation or surge
support.